Combining Monitoring and Analytics with SCOM & OMS: Q&A Session

Savision recently held an online session “Combining Monitoring and Analytics with SCOM & OMS” featuring MVPs Thomas Maurer and Dieter Wijckmans. There is a lot of debate surrounding SCOM and OMS. Where does SCOM end and OMS start? Is OMS a full SCOM replacement? What are the main differences between the two? But most importantly: can they work together? Did you miss the session? If so, you can still sign up for the on-demand version.

We had many questions that came up during the Q&A of the session. Take a look at the answers by our experts:

1. Can we integrate SCOM and OMS?

Integration is not possible out-of-the-box at this point. Both tools have their pros and cons. For now, it is still a ‘better together’ scenario but not fully integrated.

2. Can OMS integrate (send alerts) to a SCOM 2012 environment?

As showcased during the session, it is possible to send alerts to SCOM using the following steps: OMS alert => Automation runbook => event logged in the event log on the Azure hybrid worker => picked up by a SCOM management pack.
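The runbook step of this chain, as an added example (not the presenters' runbook and not Savision code): it validates the alert's webhook body and writes one event on the hybrid worker for a SCOM rule to collect. The event source `OMSAlertBridge`, event ID 9100 and the payload property names `AlertRuleName` and `SearchQuery` are assumptions.

```powershell
param([object] $WebhookData)   # supplied by Azure Automation when started from a webhook

# Assumed values: the SCOM rule in your management pack must match these.
$LogName = 'Application'; $Source = 'OMSAlertBridge'; $EventId = 9100

function ConvertTo-BridgeMessage {
    param([string] $RequestBody)
    # Refuse empty or oversized bodies before parsing them.
    if ([string]::IsNullOrWhiteSpace($RequestBody) -or $RequestBody.Length -gt 65536) {
        throw 'Webhook body is empty or larger than 64 KB.'
    }
    $payload = $RequestBody | ConvertFrom-Json -ErrorAction Stop
    # Property names are assumptions about the alert payload; adjust to yours.
    $fields = [ordered]@{
        AlertRuleName = [string] $payload.AlertRuleName
        SearchQuery   = [string] $payload.SearchQuery
    }
    if (-not $fields.AlertRuleName) { throw 'Payload has no AlertRuleName.' }
    $lines = foreach ($key in $fields.Keys) {
        # Drop control characters so a value cannot inject extra lines
        # that a SCOM rule's pattern match would read as separate fields.
        $clean = $fields[$key] -replace '[\x00-\x1F\x7F]', ' '
        if ($clean.Length -gt 1000) { $clean = $clean.Substring(0, 1000) }
        "${key}: $clean"
    }
    return ($lines -join "`r`n")
}

if ($WebhookData) {
    $message = ConvertTo-BridgeMessage -RequestBody $WebhookData.RequestBody
    # The source must be registered once by an administrator on the worker:
    #   New-EventLog -LogName Application -Source OMSAlertBridge
    Write-EventLog -LogName $LogName -Source $Source -EventId $EventId `
        -EntryType Warning -Message $message
} else {
    # Dry run with a constructed sample body; nothing is written to the event log.
    $sample = '{"AlertRuleName":"Failed logons","SearchQuery":"Type=SecurityEvent EventID=4625"}'
    ConvertTo-BridgeMessage -RequestBody $sample
}
```

Run it on the hybrid worker rather than in the Azure sandbox, since the event has to land in a Windows event log that a SCOM agent reads.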

3. Can SCOM data be sent to OMS?

SCOM is already sending data to OMS. Management packs / views, however, will not be forwarded or sent to OMS.

4. Is there more integration between SCOM & OMS, i.e. anything specific in the SCOM console itself to look at?

There’s no feedback from OMS to SCOM out-of-the-box. The only way the SCOM console is used today is to configure which machines are actually allowed to send data to your OMS workspace. It is possible to generate alerts in SCOM by using OMS and Azure Automation but nothing out-of-the-box.

5. How secure is it to expose SCOM to the internet while sending logs to OMS?

You can harden the security by using an OMS gateway server, which will send that data from one central point. More info here.

6. How do Management Packs compare to OMS solutions? What are the differences/similarities?

Management packs hold all the different keys to do efficient monitoring and representation of this monitoring. Solutions rely on data already in the OMS workspace and are mainly focused on visualization.

7. Is there a site that lists the OMS Solutions from Microsoft and 3rd parties?

All solutions are listed in the gallery in OMS itself. Also note the different states of solutions: Private preview, Preview, GA.

If you can get logs out of it, you can monitor it. At this point, there are no custom solutions for the hardware vendors above, but data can be uploaded and visualized in a solution.

9. Can OMS analyze PaloAlto firewall log?

Yes, you can indeed upload your own custom logs and use custom fields and get the data indexed. You can find more info here.

10. Can OMS use SNMP traps to forward alerts?

Yes, you can use an Azure automation runbook which is triggered by an OMS Alert and converts the data received by the alert into an SNMP trap and sends this out.

11. Why not have SCOM alert on failed logons in the first place?

This is possible indeed. But as mentioned during the session, it’s possible to use both tools for the same scenario as they overlap to a certain degree. In SCOM you need to have ACS installed to get the security events and work your way up to a monitoring scenario from there. In OMS you can just upload the data and start working with a search query. This scenario was solely for showcasing and not a definitive conclusion on what tool to use for which scenario.

OMS relies on what you actually forward to it. If you forward the OIDs to the workspace, you can manipulate them directly in the workspace. OMS at this point is not actively pulling data from network devices.

13. Is there a guide on how to write own customized OMS log queries?

The console itself is built around a system that suggests how to proceed. However, for a clear view on how to start with your OMS search query, take a look here.

14. Can we have a copy of the Run Book PowerShell?

Of course. You can reach out to MVP Dieter Wijckmans on Twitter @dieterwijckmans, or you can check out his blog post ‘How to get SCOM alerts in OMS’.

15. Can OMS be configured for HA?

OMS is HA out of the box because you consume the data and the system itself is managed by Microsoft as a service.

16. Does it require the use of the OMS agent or can it use the SCOM agent?

OMS and SCOM both use the Microsoft management agent (MMA) so there’s no need to install an additional agent on your systems.

17. How effective would network monitoring be with OMS?

Network monitoring in OMS is called Wire data. More info can be found here.

18. Is Microsoft beginning to integrate OMS into ITIL processes?

The extension towards ITSM tools is indeed coming, but there is no word on definitive full integration.

19. Regarding ITIL processes, it really appears that Microsoft is developing entry into ITSM tools versus a two-hop through SCOM?

Correct. But your data still needs to be logged in your ITSM tool. OMS will integrate in the near future.

20. Can alert and performance data collected by SCOM be forwarded to OMS for analytics?

Yes, by using a custom data module provider.

21. Do you know many organizations today that are using SCOM + OMS?

More and more organizations are seeing the benefits of combining SCOM and OMS to solve the monitoring scenarios they face. The license model also encourages customers to embrace OMS and Sysctr / SCOM together. The ease of setup and configuration is especially appealing.

22. Do you have any thoughts on the roadmap for SCOM + OMS moving toward?

SCOM will remain in the update cycle for new features for quite some time. The architecture will probably remain the same, so investments made will not be lost. OMS will continue to grow into a central hub for all your data. This data will then be used to further enhance your analytics.

23. Best resources for learning more about OMS?

24. Does OMS surface the data through a published data model?

Not really. OMS is a log analytics tool that uses unstructured data. Queries can be defined and saved, but they don’t really store objects and relationships.

25. Where can we find the SCOM 2012 data model to facilitate / enable reporting and dashboards?

The SCOM data model is based upon “objects and groups”. Objects can be anything from computers and network devices to end-user transaction tests. Groups are used to combine objects together and are the building blocks of Distributed Applications. On top of this, Live Maps can be used to group objects as “Business Services”, which is one level higher than DAs and structures services into End-user/Application/Infrastructure layers.

26. When you create new Services in Live Maps, does it create an underlying Distributed Application? Or is it a completely separate entity/object in SCOM?

Yes, all of our Business Services in Live Maps automatically create a related DA in SCOM which is denoted by the Live Maps symbols, so that you know to edit it using the Live Maps Software. This Distributed Application does come with an extra set of components including the SLO tracking, groups and Dashboards, alongside Service Level Alerts. You can see more information here: Creating Distributed Applications in Live Maps.

27. Is Savision looking into integrating in the future in OMS as a solution?

Yes. We already have an integration with OMS Service Map imported back into SCOM as a Live Map Business Service. We will also have an integration with OMS to display Search Query results as a dashboard in Live Maps. Keep your eyes on this space for more integrations in the future!

28. Any integrations of Savision with new 2016 SRS? PowerBI?

Live Maps groups and Services already integrate into Power BI, plus we have SQL query widgets to help extract more information. Live Maps already supports other webpage outputs in its front-end, so you can integrate with the new portal from SRS next to a Live Maps dashboard immediately. If anyone has any particular use cases they would like to see, then we would love to hear back from you. Send us an email at support@savision.com.

29. How are customers integrating OMS into their existing Enterprise Monitoring Framework? Most companies use multiple Enterprise monitoring tools like SCOM, Tivoli, HP OpenView, etc., where Alerts get consolidated into a single pane of glass?

Savision currently offers this single pane of glass through a product that matches this requirement from our customers.